CS0-003 exam

Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?A . MITRE ATTACKB . Cyber Kill ChamC . OWASPD . STIXTAXIIView AnswerAnswer: A Explanation: MITRE ATT&CK is a framework and knowledge base that describes the tactics, techniques, and procedures...

An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?A . Take a snapshot of the compromised server and verify its integrityB . Restore the affected server to remove...

An organization has experienced a breach of customer transactions. Under the terms of PCI DSS, which of the following groups should the organization report the breach to?A . PCI Security Standards CouncilB . Local law enforcementC . Federal law enforcementD . Card issuerView AnswerAnswer: D Explanation: Under the terms of...

A company that has a geographically diverse workforce and dynamic IPs wants to implement a vulnerability scanning method with reduced network traffic. Which of the following would best meet this requirement?A . ExternalB . Agent-basedC . Non-credentialedD . CredentialedView AnswerAnswer: B Explanation: Agent-based vulnerability scanning is a method that involves...

The following output is from a tcpdump al the edge of the corporate network: Which of the following best describes the potential security concern?A . Payload lengths may be used to overflow buffers enabling code execution.B . Encapsulated traffic may evade security monitoring and defensesC . This traffic exhibits a...

As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?A . Critical asset listB ....

A security analyst obtained the following table of results from a recent vulnerability assessment that was conducted against a single web server in the environment: Which of the following should be completed first to remediate the findings?A . Ask the web development team to update the page contentsB . Add...

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output: Which of the following commands should the administrator run next to further analyze the compromised system?A . gbd /proc/1301B . rpm -V openssh-serverC . /bin/Is -1 /proc/1301/exeD . kill -9...

A company's legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations. Which of the following is the best way to...

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?A . A mean time to remediate of 30 daysB . A mean time to...